General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.8053.6874.exe

  • Size

    1.0MB

  • Sample

    221118-m3dvdshb95

  • MD5

    5ef1ddae8845fe10cc9ed22671721325

  • SHA1

    640aa9f2924f6dd9f0ce4715afcdedd71b784cf8

  • SHA256

    40b850fee63af78a35cd4f52c27b37d62879df299fb83c4f639d5efb9af1c283

  • SHA512

    ed9eaae87a0b9bc6d8b83fa7884d527105c742645ebb6fc6e652b19028ba0529b1e220f17477f51f04b7d2e1b8897dd7e4a0a4330dd2bc7ec1579a974eef29ad

  • SSDEEP

    24576:fBnG30YCoFO+M+eylRh1Q2hb1BOZyWlnjIcbfcSjZnbCkI:fBn+9Fu+jlaMb1BPWecTcSjZnbCkI

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.8053.6874.exe

    • Size

      1.0MB

    • MD5

      5ef1ddae8845fe10cc9ed22671721325

    • SHA1

      640aa9f2924f6dd9f0ce4715afcdedd71b784cf8

    • SHA256

      40b850fee63af78a35cd4f52c27b37d62879df299fb83c4f639d5efb9af1c283

    • SHA512

      ed9eaae87a0b9bc6d8b83fa7884d527105c742645ebb6fc6e652b19028ba0529b1e220f17477f51f04b7d2e1b8897dd7e4a0a4330dd2bc7ec1579a974eef29ad

    • SSDEEP

      24576:fBnG30YCoFO+M+eylRh1Q2hb1BOZyWlnjIcbfcSjZnbCkI:fBn+9Fu+jlaMb1BPWecTcSjZnbCkI

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Tasks